All I'm intending to do is only update the attributes in db if users entered password (:current_password) successfully passes authentication (the same method I use to log in users which would confirm password matches the one stored in the db) and if it does take the params of users form , in this case the newly hashed password and store it in the db..